On 2015-06-04 03:56:35, John Johansen wrote: > allow specifying the change_profile keyword > > change_profile, > > to grant all permissions change_profile permissions > > Signed-off-by: John Johansen <[email protected]>
Acked-by: Tyler Hicks <[email protected]> > --- > parser/parser_lex.l | 2 +- > parser/parser_yacc.y | 14 ++++++++++++++ > parser/tst/equality.sh | 4 ++++ > parser/tst/simple_tests/change_profile/bare_ok_1.sd | 7 +++++++ > 4 files changed, 26 insertions(+), 1 deletion(-) > create mode 100644 parser/tst/simple_tests/change_profile/bare_ok_1.sd > > diff --git a/parser/parser_lex.l b/parser/parser_lex.l > index 0456843..286d9a2 100644 > --- a/parser/parser_lex.l > +++ b/parser/parser_lex.l > @@ -612,7 +612,7 @@ LT_EQUAL <= > PUSH_AND_RETURN(state, token); > } > > -<INITIAL,NETWORK_MODE,RLIMIT_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{ > +<INITIAL,NETWORK_MODE,RLIMIT_MODE,CHANGE_PROFILE_MODE,MOUNT_MODE,DBUS_MODE,SIGNAL_MODE,PTRACE_MODE,UNIX_MODE>{ > {END_OF_RULE} { > if (YY_START != INITIAL) > POP_NODUMP(); > diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y > index 3ebaed4..ce57153 100644 > --- a/parser/parser_yacc.y > +++ b/parser/parser_yacc.y > @@ -1481,6 +1481,20 @@ file_mode: TOK_MODE > free($1); > } > > +change_profile: TOK_CHANGE_PROFILE TOK_END_OF_RULE > + { > + struct cod_entry *entry; > + char *rule = strdup("**"); > + if (!rule) > + yyerror(_("Memory allocation error.")); > + PDEBUG("Matched change_profile,\n"); > + entry = new_entry(NULL, rule, AA_CHANGE_PROFILE, NULL); > + if (!entry) > + yyerror(_("Memory allocation error.")); > + PDEBUG("change_profile,\n"); > + $$ = entry; > + }; > + > change_profile: TOK_CHANGE_PROFILE TOK_ARROW TOK_ID TOK_END_OF_RULE > { > struct cod_entry *entry; > diff --git a/parser/tst/equality.sh b/parser/tst/equality.sh > index 89a048e..700ac8b 100755 > --- a/parser/tst/equality.sh > +++ b/parser/tst/equality.sh > @@ -458,6 +458,10 @@ verify_binary_equality "Deny of ungranted perm" \ > "/t { /foo/[abc] r, }" > > > +verify_binary_equality "change_profile == change_profile -> **" \ > + "/t { change_profile, }" \ > + "/t { change_profile -> **, }" > + > if [ $fails -ne 0 -o $errors -ne 0 ] > then > printf "ERRORS: %d\nFAILS: %d\n" $errors $fails 2>&1 > diff --git a/parser/tst/simple_tests/change_profile/bare_ok_1.sd > b/parser/tst/simple_tests/change_profile/bare_ok_1.sd > new file mode 100644 > index 0000000..3ea58d2 > --- /dev/null > +++ b/parser/tst/simple_tests/change_profile/bare_ok_1.sd > @@ -0,0 +1,7 @@ > +# > +#=DESCRIPTION change_profile > +#=EXRESULT PASS > +# > +/usr/bin/foo { > + change_profile, > +} > -- > 2.1.4 > > > -- > AppArmor mailing list > [email protected] > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/apparmor
signature.asc
Description: Digital signature
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
